Personal computer systems, especially portable computers such as laptop, notebook and handheld computer systems increasingly are called upon to store and retrieve data that is confidential to either the user or the organization the user represents. This can leave the data vulnerable to theft and misuse by competitors or other malicious entities. Several methods have been used to attempt to keep this data private including user passwords, encryption programs and dedicated equipment. Each of these current approaches have limitations which are addressed in this invention.
Most sophisticated modern operating systems require the user to log-in the system before use. This login attempts to authenticate the user and then applies certain access rights to the user for data that is stored on the system. The drawback of this approach is that the data in the mass storage device (such as a hard disk) is stored as plaintext. If the mass storage device were removed from the system and placed in another system, the contents of the mass storage device could be accessed and the data compromised. An example of this is the login requirement of Microsoft Windows NT.
Encryption programs on the computer, such as the Invincible Disk product from Invincible Data Systems, use the host processor to encrypt and decrypt data going between the operating system and the mass storage device. This approach protects the data on the mass storage device itself by encrypting it before the data is stored. This approach suffers from several drawbacks against malicious or focused attacks on the system. First, the encryption and decryption keys must be stored somewhere in the computer system itself. For most PCs, this means that the keys must be stored in the mass storage media. Since the keys are stored along with the data, it means that everything the attacker needs to compromise the data is stored on the mass storage media and can be taken offsite and attacked. The second problem is that any program running on the PC is subject to attacks by viruses which would seek to steal keys or incapacitate or neutralize the encryption, or by decompilation or disassembly by a sophisticated attacker seeking to extract universal key and algorithm information. Either way software represents a risk to the integrity and confidentiality of the data.
Dedicated equipment is seen as the best way to keep the confidential data from becoming vulnerable to attack, and several approaches have been taken to do this. Bensimon et al. disclosed a “Removable Computer Security Device” in U.S. Pat. No. 5,533,125. This device requires a password to be authenticated on the device before read or write access can be made to the device. Unfortunately, it also teaches that the data, as well as the passwords are still stored as plaintext on the mass storage media itself. This leaves the data vulnerable because it can still be accessed directly from the mass storage media by a sophisticated attacker.
Levy et al. disclosed a “Secure Mass Storage System for Computers” in U.S. Pat. No. 5,748,744. This disclosure teaches the addition of a crypto engine on the mass storage device. This device requires command set extensions to the operating system for providing the passwords to the mass storage system, as well as storing the encryption keys in the storage medium itself. While the data in the storage media is encrypted, the keys being stored in the media as well leave the media open to attack because the key material can be extracted directly from the mass storage media. As well, the user supplied key is sent from the CPU system to the mass storage system through one or more programs. These programs as well as the interface between the CPU system and the mass storage system are subject to attacks from virus programs or by direct observation of the data traveling over the interface.
Fukuzumi disclosed a “Security System Apparatus for a Memory Card and a Memory Card Employed Therefore” in U.S. Pat. No. 5,845,066. This disclosure teaches a PCMCIA memory card where the password is stored encrypted on the card. The host computer is required to take the “ . . . coded enciphering control data which, when decoded, reveals a predetermined password . . . ” The predetermined password is revealed by decoding the enciphering control data using the host information processing device (computer) and presented to the access control section of the memory card. This invention teaches enabling access to the contents of the memory card, not to encrypt or scramble the data on the card. Again, this approach requires a program on the computer to decode the coded data to reveal the password, which is sent back from the computer to the access control section. This invention does not address the confidentiality of the data stored in the memory of the card itself, nor any attacks on the host computer to steal the password information.
Jones et al. disclosed an “Encrypted Data Storage Card Including Smartcard Integrated Circuit for Storing an Access Password and Encryption Keys” in U.S. Pat. No. 5,623,657. This disclosure teaches a memory card with an integrated encrypt/decrypt function and a smartcard IC used to securely store the user passwords and encryption keys required for operation. While this device addresses the requirement to store data on the card in an encrypted format it still requires the host computer to provide the password. Additionally, the approach disclosed restricts a single password per memory partition, not supporting the use of multiple users with distinct passwords for the same partition.